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WHAT IS CLAIMED IS : 



1 LA method for managing access to resources, comprising: 

2 exchanging encryption keys among a first entity, second entity, third entity, and a 

3 fourth entity, wherein each entity has one relationship with one other entity, and wherein the 

4 encryption keys are exchanged pursuant to the relationships; and 

5 encrypting with the encryption keys electronic messages concerning digital 



6 enrollments to provide to the first entity, wherein the digital enrollment is associated with at 

7 least one digital ticket that authorizes access to a resource managed by the fourth entity, 

8 wherein presentation of the digital enrollment causes the presentation of one digital ticket 

9 associated with the digital enrollment to authorize the first entity to access the resource. 



1 2 . The method of claim 1 , wherein the first entity and the second entity have a 

2 first relationship such that the first entity is associated with the second entity and wherein the 

3 second entity and third entity have a second relationship through which entities associated 

4 with the second entity can access resources managed by the fourth entity. 

1 3 . The method of claim 2, wherein the third entity and fourth entity have a third 

2 relationship through which the fourth entity makes managed resources available to entities 

3 designated by the third entity. 

1 4. The method of claim 3, wherein exchanging the encryption keys further 

2 comprises: 

3 transmitting, with the fourth entity, the fourth entity encryption key to the third entity; 

4 transmitting, with the third entity, the third entity and fourth entity encryption keys to 

5 the second entity after receiving the fourth entity encryption key from the fourth entity; and 

6 transmitting, with the second entity, the second entity, third entity, and fourth entity 

7 encryption keys to the first entity after receiving the third entity and fourth entity encryption 

8 keys from the third entity. 
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1 5 . The method of claim 3, wherein exchanging the encryption keys further 

2 comprises: 

3 transmitting, with the first entity, the first entity encryption key to the second entity; 

4 transmitting, with the second entity, the first entity and second entity encryption keys 

5 to the third entity after receiving the fist entity encryption key from the first entity; and 

6 transmitting, with the third entity, the first entity, second entity, and third entity 

7 encryption keys to the first entity after receiving the first and second entity encryption keys 

8 from the second entity. 

1 6 . The method of claim 1 , further comprising: 

2 using, with the second entity, the first entity encryption key received during the 

3 exchange of encryption keys to encrypt a message including at least one digital enrollment 

4 to the first entity that the first entity can use to access the resource; and 

5 using, with the first entity, the second entity encryption key received during the 

6 exchange of encryption keys to decrypt the message received from the second entity 

7 providing the digital enrollment 

1 7. The method of claim 6, further comprising: 

2 using, with the second entity, the second entity encryption key to encrypt the 

3 message including the digital enrollment before encrypting the message with the first entity 

4 encryption key. 

1 8 . The method of claim 1 , further comprising: 

2 using, with the first entity, the encryption key of the fourth entity received during the 

3 exchange of encryption keys to encrypt a message including the digital enrollment to access 

4 the resource managed by the fourth entity; and 
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using, with the fourth entity, the first entity encryption key received during the 
exchange of encryption keys to decrypt the message received from the first entity providing 
the digital enrollment 

9, The method of claim 1 , wherein exchanging the encryption keys further 
comprises exchanging the encryption keys with a fifth entity, further comprising: 

maintaining, with the fifth entity, a mapping of digital enrollment to associated digital 

tickets; 

using, with the first entity, the encryption key of the fifth entity received during the 
exchange of encryption keys to encrypt a message including the digital enrollment to 
transmit to the fifth entity; 

using, with the fifth entity, the first entity encryption key received during the 
exchange of encryption keys to decrypt the message received from the first entity providing 
the digital enrollment; 

processing the mapping to determine the digital tickets associated with the received 

enrollment; and 

using, with the fifth entity, the first entity encryption key received during the 
exchange of encryption keys to encrypt a message including the digital tickets to transmit to 
the first entity to use to access the resource from the fourth entity. 

1 0 . The method of claim 9, further comprising: 

using, with the first entity, the encryption key of the fourth entity received during the 
exchange of encryption keys to encrypt a message including the digital ticket received from 
the fifth entity to send to the fourth entity; and 

using, with the fourth entity, the first entity encryption key received during the 
exchange of encryption keys to decrypt the message received from the first entity providing 
the digital tickets; 
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8 granting, with the fourth entity, the first entity access to the resource if the digital 

9 ticket included in the decrypted message authorizes access to the resource. 

1 11. The method of claim 1 , wherein the resource consists of a resource that is a 

2 member of the set of resources comprising: data, computer programs, and control of an 

3 electro-mechanical machine. 

1 1 2 . A system for managing access to resources, comprising: 

2 means for exchanging encryption keys among a first entity, second entity, third 

3 entity, and a fourth entity, wherein each entity has one relationship with one other entity, and 

4 wherein the encryption keys are exchanged pursuant to the relationships; and 

5 means for encrypting with the encryption keys electronic messages concerning 

6 digital enrollments to provide to the first entity, wherein the digital enrollment is associated 

7 with at least one digital ticket that authorizes access to a resource managed by the fourth 

8 entity, wherein presentation of the digital enrollment causes the presentation of one digital 

9 ticket associated with the digital enrollment to authorize the first entity to access the 

10 resource. 



1 13. The system of claim 12, wherein the first entity and the second entity have a 

2 first relationship such that the first entity is associated with the second entity and wherein the 

3 second entity and third entity have a second relationship through which entities associated 

4 with the second entity can access resources managed by the fourth entity. 

1 14. The system of claim 13, wherein the third entity and fourth entity have a 

2 third relationship through which the fourth entity makes managed resources available to 

3 entities designated by the third entity. 
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1 15. The system of claim 14, wherein the means for exchanging the encryption 

2 keys further performs: 

3 transmitting, with the fourth entity, the fourth entity encryption key to the third entity; 

4 transmitting, with the third entity, the third entity and fourth entity encryption keys to 

5 the second entity after receiving the fourth entity encryption key from the fourth entity; and 

6 transmitting, with the second entity, the second entity, third entity, and fourth entity 

7 encryption keys to the first entity after receiving the third entity and fourth entity encryption 

8 keys from the third entity. 

1 1 6 . The system of claim 14, wherein the means for exchanging the encryption 

2 keys further performs: 

3 transmitting, with the first entity, the first entity encryption key to the second entity; 

4 transmitting, with the second entity, the first entity and second entity encryption keys 

5 to the third entity after receiving the fist entity encryption key from the first entity; and 

6 transmitting, with the third entity, the first entity, second entity, and third entity 

7 encryption keys to the first entity after receiving the first and second entity encryption keys 

8 from the second entity. 

1 17. The system of claim 1 2, further comprising: 

2 means for using, with the second entity, the first entity encryption key received 

3 during the exchange of encryption keys to encrypt a message including at least one digital 

4 enrollment to the first entity that the first entity can use to access the resource; and 

5 means for using, with the first entity, the second entity encryption key received 

6 during the exchange of encryption keys to decrypt the message received from the second 

7 entity providing the digital enrollment 




_4 1 _ Express Mail No. EL82 1 1 57439US 

Docket No. ARC920000 1 27US 1 
Firm No. 0060.0003 

1 18. The system of claim 17, further comprising: 

2 means for using, with the second entity, the second entity encryption key to encrypt 

3 the message including the digital enrollment before encrypting the message with the first 

4 entity encryption key. 

1 19. The system of claim 1 2, further comprising: 

2 means for using, with the first entity, the encryption key of the fourth entity received 

3 during the exchange of encryption keys to encrypt a message including the digital enrollment 

4 to access the resource managed by the fourth entity; and 

5 means for using, with the fourth entity, the first entity encryption key received during 

6 the exchange of encryption keys to decrypt the message received from the first entity 

7 providing the digital enrollment. 

1 20 . The system of claim 12, wherein the means for exchanging the encryption 

2 keys further performs exchanging the enciyption keys with a fifth entity, further comprising: 

3 means for maintaining, with the fifth entity, a mapping of digital enrollment to 

4 associated digital tickets; 

5 means for using, with the first entity, the encryption key of the fifth entity received 

6 during the exchange of encryption keys to encrypt a message including the digital enrollment 

7 to transmit to the fifth entity; 

8 means for using, with the fifth entity, the first entity encryption key received during 

9 the exchange of encryption keys to decrypt the message received from the first entity 

1 0 providing the digital enrollment; 

1 1 means for processing the mapping to determine the digital tickets associated with 

1 2 the received enrollment; and 

1 3 means for using, with the fifth entity, the first entity encryption key received during 

14 the exchange of encryption keys to encrypt a message including the digital tickets to 

1 5 transmit to the first entity to use to access the resource from the fourth entity. 
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1 21. The system of claim 20, further comprising: 

2 means for using, with the first entity, the encryption key of the fourth entity received 

3 during the exchange of encryption keys to encrypt a message including the digital ticket 

4 received from the fifth entity to send to the fourth entity; and 

5 means for using, with the fourth entity, the first entity encryption key received during 

6 the exchange of encryption keys to decrypt the message received from the first entity 

7 providing the digital tickets; and 

8 means for granting, with the fourth entity, the first entity access to the resource if the 

9 digital ticket included in the decrypted message authorizes access to the resource. 

1 22. The system of claim 12, wherein the resource consists of a resource that is 

2 a member of the set of resources comprising: data, computer programs, and control of an 

3 electro-mechanical machine. 

1 23 . An article of manufacture including code executed by a first entity, second 

2 entity, third entity, and fourth entity to manage access to a resource, comprising: 

3 code executed by the first, second, third, and fourth entities to receive encryption 

4 keys of all the other entities wherein each entity has one relationship with one other entity, 

5 and wherein the encryption keys are exchanged pursuant to the relationships; and 

6 code executed by the first entity to receive electronic messages concerning digital 

7 enrollments encrypted with the encryption keys of at least one of the first, second, and third 

8 entities, wherein the digital enrollment is associated with at least one digital ticket that 

9 authorizes access to a resource managed by the fourth entity, wherein presentation of the 

1 0 digital enrollment causes the presentation of one digital ticket associated with the digital 

1 1 enrollment to authorize the first entity to access the resource. 
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1 24. The article of manufacture of claim 23, wherein the first entity and the 

2 second entity have a first relationship such that the first entity is associated with the second 

3 entity and wherein the second entity and third entity have a second relationship through 

4 which entities associated with the second entity can access resources managed by the 

5 fourth entity. 



1 25 . The article of manufacture of claim 24, wherein the third entity and fourth 

2 entity have a third relationship through which the fourth entity makes managed resources 

3 available to entities designated by the third entity. 

1 26. The article of manufacture of claim 23, further comprising: 

2 code executed by the second entity to use the first entity encryption key received 

3 during the exchange of encryption keys to encrypt a message including at least one digital 

4 enrollment to the first entity that the first entity can use to access the resource; and 

5 code executed by the first entity to use the second entity encryption key received 

6 during the exchange of encryption keys to decrypt the message received from the second 

7 entity providing the digital enrollment 

1 27 . The article of manufacture of claim 26, further comprising: 

2 code executed by the second entity to use the second entity encryption key to 

3 encrypt the message including the digital enrollment before encrypting the message with the 

4 first entity encryption key. 

1 28. The article of manufacture of claim 23, further comprising: 

2 code executed by the first entity to use the encryption key of the fourth entity 

3 received during the exchange of encryption keys to encrypt a message including the digital 

4 enrollment to access the resource managed by the fourth entity; and 
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5 code executed by the fourth entity to use the first entity encryption key received 

6 during the exchange of encryption keys to decrypt the message received from the first entity 

7 providing the digital enrollment. 

1 29. The article of manufacture of claim 23, wherein exchanging the encryption 

2 keys further comprises exchanging the encryption keys with a fifth entity, further comprising: 

3 code executed by the fifth entity to maintain a mapping of digital enrollments to 

4 associated digital tickets; 

5 code executed by the first entity to use the encryption key of the fifth entity received 

6 during the exchange of encryption keys to encrypt a message including the digital enrollment 

7 to transmit to the fifth entity; 

8 code executed by the fifth entity to use the first entity encryption key received 

9 during the exchange of encryption keys to decrypt the message received from the first entity 

1 0 providing the digital enrollment; 

1 1 code executed by the fifth entity to process the mapping to determine the digital 

1 2 tickets associated with the received enrollment; and 

1 3 code executed by the fifth entity to use the first entity encryption key received 

14 during the exchange of encryption keys to encrypt a message including the digital tickets to 

1 5 transmit to the first entity to use to access the resource from the fourth entity. 

1 30. The article of manufacture of claim 29, further comprising: 

2 code executed by the first entity to use the encryption key of the fourth entity 

3 received during the exchange of encryption keys to encrypt a message including the digital 

4 ticket received from the fifth entity to send to the fourth entity; and 

5 code executed by the fourth entity to use the first entity encryption key received 

6 during the exchange of encryption keys to decrypt the message received from the first entity 

7 providing the digital tickets; and 
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8 code executed by the fourth entity to grant the first entity access to the resource if 

9 the digital ticket included in the decrypted message authorizes access to the resource. 



1 31. The article of manufacture of claim 23, wherein the resource consists of a 

2 resource that is a member of the set of resources comprising: data, computer programs, and 

3 control of an electro-mechanical machine. 



